From: Google AdWords <setup@google.com>
To: xxx@xxx.xxx
Subject: Google AdWords Alert
Date: Wed, 12 Nov 2008 02:27:xx +1000
Hello,
Our attempt to charge your credit card on Wed, 12 Nov 2008 02:27:xx +1000
for your outstanding Google AdWords account balance was declined.
Your account is still open. However, your ads have been suspended. Once
we are able to charge your card and receive payment for your account
balance, we will re-activate your ads.
Please update your billing information, even if you plan to use the
same credit card. This will trigger our billing system to try charging
your card again. You do not need to contact us to reactivate your
account.
To update your primary payment information, please follow these steps:
1. Log in to your AdWords account at: http://adwords .google .com
.session- xxxxxxxxxxxxxxxxxxxx .xxxxxxxxxxxxxxxxxxxx .com68 .ru
3. Click 'Billing Preferences' link.
4. Click Edit next to the appropriate 'Payment Details' section.
5. Enter your new or updated payment information.
6. Click 'Save Changes' when you have finished.
In the future, you may wish to use a backup credit card in order to
help ensure continuous delivery of your ads. You can add a backup
credit card by visiting your Billing Preferences page.
------------------------------------------------------------------
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please visit the Google AdWords Help Centre at
https://adwords.google.com/support/?hl=en_GB to find answers to
frequently asked questions and a 'contact us' link near the bottom of
the page.
----------------------------------------------------------------
Thank you for advertising with Google AdWords.
We look forward to providing you with the most effective advertising available.
Sincerely,
The Google AdWords Team

The x-ed out stuff was spot-on; the spaces are added to the URL to prevent any reader from clicking on this. It was sent to an email address I actually have used in association with Google AdWords (although it's not that well targeted: I got other copies of it on addresses I use in conjunction with managing websites but not linked to AdWords).

Notice the lack of obvious errors aside from a date that's in the future (their timezone calculation might be off) and the concealed URL that does not point to google.com, but to .com68.ru.

Now, when explaining to your users how to tell phishing apart from real warnings, do you think your users have a reasonable chance of noticing this before the credit card gets abused?
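The concealed-URL check described above can be automated in a mail filter or a training tool. The following is an added example, not part of the original post: the `TRUSTED` list, the function names and the two-label approximation of the registered domain are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains a reader expects genuine AdWords links to use.
TRUSTED = ("google.com",)

# The link from the message above, spaces and x-ed out parts kept as posted.
SAMPLE = ("http://adwords .google .com .session- xxxxxxxxxxxxxxxxxxxx "
          ".xxxxxxxxxxxxxxxxxxxx .com68 .ru")

def hostname_of(url):
    """Lower-cased hostname of a URL, tolerating the spaced-out form."""
    compact = re.sub(r"\s+", "", url)
    if "://" not in compact:
        compact = "http://" + compact
    try:
        host = urlsplit(compact).hostname or ""
    except ValueError:          # malformed authority, e.g. broken brackets
        return ""
    return host.rstrip(".").lower()

def rightmost_labels(host, count=2):
    """Right-hand labels of the name. Two labels only approximate the
    registered domain; a real filter should use the Public Suffix List."""
    return ".".join(host.split(".")[-count:])

def classify_link(url, trusted=TRUSTED):
    """'trusted' if the host is a trusted domain or a subdomain of one,
    'lookalike' if a trusted name appears only further left, else 'untrusted'."""
    host = hostname_of(url)
    if not host:
        return "unparseable"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Match on whole labels so that notgoogle.com is not treated as google.com.
    if any("." + d + "." in "." + host + "." for d in trusted):
        return "lookalike"
    return "untrusted"

if __name__ == "__main__":
    for link in (SAMPLE, "https://adwords.google.com/support/?hl=en_GB"):
        host = hostname_of(link)
        print(classify_link(link), rightmost_labels(host), host, sep="\t")
```

The ownership of a hostname is decided by its right-hand labels, so the phishing link is reported as a lookalike ending in com68.ru while the Help Centre link in the footer is reported as trusted.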

Tracing it back:

com68.ru has a private registration. Sure, what's new.

The email originated in 77.34.0.0/15 (used by an ISP based in Vladivostok).